Mobile Marketing Key Legal Issues: Mobile Technology, Location-Based Services, Mobile Commerce Navigating Evolving Laws on Privacy, Consumer Consent, Disclosures and More Today’s faculty features: 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10. TUESDAY, NOVEMBER 18, 2014 Presenting a live 90-minute webinar with interactive Q&A Nathan J. Hole, Partner, Loeb & Loeb, Chicago Brian Nixon, Esq., Loeb & Loeb, Washington, D.C. Christine M. Reilly, Partner, Loeb & Loeb, Los Angeles
73
Embed
Mobile Marketing Key Legal Issues: Mobile Technology ...media.straffordpub.com/products/mobile-marketing... · 11/18/2014 · Most mobile marketing initiatives involve data collection.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Mobile Marketing Key Legal Issues:
Mobile Technology, Location-Based
Services, Mobile Commerce Navigating Evolving Laws on Privacy, Consumer Consent, Disclosures and More
Access controls / fraud and identity theft protection
Disclosure of collection and use of information
Dispute resolution procedures
ETA Best Practices and Guidelines for Mobile Payment Solutions
Reinforces other industry guidance and requirements (PCI-DSS, etc.)
26
TARGETED
ADVERTISING
27
Keyword Targeting
28 28
Contextual Targeting
29
First-party Targeting*
* First-party targeting is outside the DAA’s definition of online
behavioral advertising. 30
Behavioral Targeting
Web pages visited over time
create a profile of the user that
includes interests, demographic
data, location …
… using that profile, ads
are displayed that are
relevant to that user
31
Key Players in Targeted Advertising
32
Ad agencies
Ad exchanges
Ad networks
Demand-side platforms (“DSPs”)
Supply-side platforms (“SSPs”)
Data brokers and data aggregators
Data management platforms (“DMPs”)
Publishers
33
Benefits of OBA/targeted
advertising
• Benefits to publishers: maximize yield of all
available ad inventory across their web
properties, including “remnant” inventory
• Benefits to advertisers: acquire ad impressions
they desire at pricing , timing , and audience
composition that meet their campaign goals
34
How Real-Time Bidding Works
Advertiser #1: I offer $2 for this
impression because the visitor
abandoned a shopping cart on
my site 2 hours ago.
Advertiser #2: I offer $1.8 for
this impression because the
visitor is a 15- to 22-year-old
male with an interest in
sports.
Advertiser #3: I offer $1.6 for
this impression because this is an
authoritative movie and gaming
site.
2. Ad Exchange makes
available details of visitor,
Publisher site, and ad unit
to participating
advertisers/agencies.
4. Visitor sees ad from highest-paying
advertiser. Complete process takes place
while web page loads (1−5 milliseconds).
3. Ad Exchange selects
the highest-paying
advertiser and sends
corresponding creative
to Publisher website.
1. Visitor enters
Publisher website URL.
Publisher sends request
to Ad Exchange for 1 ad
of particular spec (e.g.,
a banner).
Ad
Exchange
Real-Time
Auction
35
HOW PLATFORMS ARE
USING DATA
36
Custom Audiences
Marketer uses its own first-
party data to create a target
audience and can layer
Facebook audience segments
over this to refine targeting
37
Amazon
Amazon Advertising Platform – A growing online
ad exchange using Amazon’s rich data about
purchases to target ads on third-party websites
Mobile Ad Network – Serves targeted ads on
mobile apps
Mobile Associates API – Allows third-party
mobile apps to embed Amazon e-commerce
feature into the app; app developer earns a
commission on purchases
38
39
Key Regulatory Issues
Self-Regulation
DAA manages a self-regulatory program for online and mobile targeted
advertising; DAA guidelines require notice and opportunity to opt out
BBB and DMA enforce the DAA guidelines — compliance actions have
focused on:
New code of conduct for companies that track shoppers in stores
requires notice and opportunity to opt out
Self-Regulatory Principles for Online Behavioral Advertising
Self-Regulatory Principles for Multisite Data
Application of Self-Regulatory Principles to the Mobile Environment
Opt-out links that did not work
Privacy policies that did not accurately describe a company’s data
collection and use practices
Failing to honor an opt-out request for five years
40
Notice
sdfdf
41
Website notice
Ad Choices icon in interest-targeted ad
Choice: Opt-out mechanism
42
Online and Mobile targeting 2.0
Mobile targeting – data is collected from the
mobile apps and mobile websites a user
engages with, as well as location data, to deliver
targeted ads.
Cross-device targeting – data is collected from a
variety of devices – desktop computer, tablet,
smartphone – and attributed to a single user to
tailor ads.
43
MOBILE PRIVACY
44
Mobile Privacy
45 45
Mobile Privacy Guidance –
FTC, DAA, NAI
Just-in-time disclosures
Affirmative express consent before
collecting sensitive consumer data
46
California AG Privacy Guidance
Readability
Use a format that makes the
privacy policy readable (e.g., a
layered format)
Online Tracking/Do Not Track
Clearly label the section of your
privacy policy that describes
your online tracking practices
State whether third parties
collect PII of consumers while
they are on your site
47
48
The FTC has initiated many enforcement actions against online and offline companies for violating the FTC Act by:
Not complying with a posted privacy policy
Changing a privacy policy (perhaps to reflect new technology or new partners/vendors) and not giving consumers notice or the opportunity to opt out of the new policy
Failing to adequately safeguard data
Claiming to provide adequate security for data and then failing to do so
Failing to adequately disclose what data is collected and for what purpose
Failing to honor opt-out promises
v.
“If a company markets privacy and security as key selling points in pitching its
service to consumers, it is critical that it keep those promises…. Any company
that makes misrepresentations to consumers about its privacy and security
practices risks FTC action.”
- FTC Chairwoman Edith Ramirez
49
FTC complaint asserted Snapchat:
Collected users’ contacts information from their address books
without notice or consent
Transmitted geolocation data (despite a privacy policy saying it
would not track or access such data)
Made promises about data security, but failed to secure its features
(which led to hacking of 4.6 million users’ phone numbers and user
names)
Survey of 121 shopping apps found that many of the apps do not provide consumers with important information – such as how the apps handle consumer data – prior to download.
The Report recommends:
Apps should make clear consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions.
Apps should more clearly describe how they collect, use, and share consumer data.
Companies should ensure that their data security promises translate into sound data security practices.
50
FTC Study on Mobile Shopping Apps
Global Focus on Mobile Privacy
In Sept. 2014, the Global Privacy Enforcement Network (“GPEN”) published the results of an enforcement sweep carried out in May 2014 to assess mobile app compliance with data protection laws.
Twenty-six data protection authorities worldwide evaluated 1,211 mobile apps and found that a large majority of the apps are accessing personal data without providing adequate information to users.
51
52
Mobile App Short-Form Notices NTIA Code of Conduct encourages app developers and publishers to adopt a short form notice describing:
the collection of these types of data (whether or not consumers know that it is being collected): Biometrics
Browser History
Phone or Text Log
Contacts
Financial Info
Health, Medical or Therapy Info
Location
a means of accessing a long form privacy policy, if separate;
the sharing of user-specific data, if any, with certain third parties; and
the identity of the entity providing the app.
TCPA AND
MOBILE MARKETING
53
54
Consent for Mobile Calls
Customer service/ informational calls:
• Prior express consent required
Debt collection calls:
• Prior express consent required
Marketing calls:
• Prior express written consent required
(effective October 16, 2013)
You ALWAYS need some kind of
consent when dialing mobile phones
using an autodialer, artificial voices or
prerecorded voice messages!
55
The “TCPA Wireless Cliff” – October 16, 2013
Game changer for
mobile marketing!
The FCC changed the rules. As of October 16,
2013, verbal consent to initiate mobile
telemarketing telephone calls (including text
messages) through automated technology
(prerecorded voices or autodialers) is no longer
sufficient. “Prior express written consent” is
now required prior to initiating such calls.
56
Prior Express Written Consent
Identify each specific seller to whom consent is being provided
Identify the consumer’s phone number
Indicate an affirmative agreement (i.e., I agree/ consent)
Disclose that the consumer is authorizing the seller to engage in
advertising or telemarketing (i.e., offers for products/services)
Disclose that the calls will be made using automated technology
Disclose that the consumer is not required to provide consent as a
condition of purchasing goods or services
Obtain a written signature from the consumer (either
electronically through E-SIGN or handwritten)
For Telemarketing Calls Only:
57
What is Telemarketing?
• “Advertisement” means any material advertising the commercial
availability or quality of any property, goods or services.
• “Telemarketing” means the initiation of a telephone call or
message for the purpose of encouraging the purchase or rental of,
or investment in, property, goods, or services, which is transmitted
to any person.
• As a general rule, calls that are not purely informational in
purpose and message constitute telemarketing.
• Dual-purpose calls (calls that have both an informational and a
telemarketing purpose) are considered telemarketing.
58
Revocation of Consent
Diamonds are forever, but is consent?
59
Revocation of Consent
Gager v. Dell Financial Services LLC, 2013 U.S. App. LEXIS
17579 (3rd Cir. Aug. 22, 2013)
• Plaintiff provided cell number on application for credit to
purchase computer equipment. Dell left prerecorded
collection messages on her cell phone, continuing to call
after plaintiff sent a letter requesting that the calls stop.
• In a case of first impression for a federal appellate court, the
Third Circuit held that consumers have the right to revoke
consent and that there is no temporal restriction on that right.
• Third Circuit reasoned:
• Consent can be revoked under common law.
• Any ambiguity should be resolved in favor of the consumer.
• FCC’s Soundbite advisory ruling suggests that consent under the
TCPA can be revoked.
60
Reassigned Mobile Numbers
• Consent of prior subscriber does not serve as “the prior express
consent of the called party” required by the TCPA for autodialed
calls to cell phone numbers. “Consent to call a given number
must come from its current subscriber.”
• Court ruling:
• “Called party” means current subscriber
• “The phrase ‘intended recipient’ does not appear anywhere in
Section 227, so what justification could there be for equating ‘called
party’ with ‘intended recipient of the call’?”
• Rejects argument that consent for telephone number is effective until
revoked
Soppet v. Enhanced Recovery Systems, 2012 U.S. App. LEXIS 9560 (7th Cir. May 11,
2012); see also Osorio v. State Farm Bank, F.S.B., 2014 U.S. App. LEXIS 5709 (11th
Cir. March 28, 2014)
61
Forward to a Friend
Online Form:
Send a SuperDuper GiftCard to a friend and earn
rewards now! Just fill out the form below.
Text Message to Friend:
“Christine Reilly sent you a SuperDuper GiftCard!
Click: http:/secure.com/giftcard to access your
SuperDuper GiftCard. Reply Stop 2 end. Msg&Data
Rates may apply.”
First Name: Brian
Last Name: Nixon
Mobile No. 202-123-4567
Message Happy birthday!
62
Vicarious Liability
Sellers can be held liable for TCPA violations
committed by third-party telemarketers
making calls on the seller’s behalf.
Two theories of liability:
Direct liability—seller has “initiated” the
call given its very direct involvement (e.g.,
giving the third party specific and
comprehensive instructions as to timing
and manner of the calls) or
Vicarious liability—seller may be held
vicariously liable for the acts of third party
telemarketers under federal common law
principles of agency (agency, apparent
authority and ratification).
DISH Network Petition, FCC Declaratory Ruling
issued on May 9, 2013.
63
Vicarious Liability
Plaintiff brought suit against Taco Bell alleging
that text message marketing campaign by
group of Chicago-area Taco Bell franchise
owners violated the TCPA.
Actual sender of the message was a third-party
service provider, which acted at the direction of
the Chicago owners’ advertising agency. Court
found no evidence that Taco Bell controlled or
had the right to control the company or the
manner and means of the text message
campaign, and therefore the third-party agency
was not an agent of Taco Bell.
Thomas v. Taco Bell Corp., 2014 U.S. App. LEXIS
12547 (9th Cir. July 2, 2014) (unpublished)
64
User-Initiated Texts
65
Best Practices
• Vendor Agreements
• Supplier Terms & Conditions/
Indemnification
• Brokered Lists
• TCPA Disclosures
• Scrubbing and Opt-Outs
• Recordkeeping
• TCPA For Your Business
66
Brokered Lists
“Let’s buy a list!” Common practice in the advertising and marketing industry
Demand proof from vendor of consumer opt-ins/ consent
Was there a TCPA compliant disclosure?
Double-opt ins are preferred – must be reliable
If a lawsuit is filed, will the vendor provide you with a list of
numbers and documentation regarding how consent was
obtained?
67
TCPA Disclosures
Paper Form
Website
U.S. Mail
Mobile App
Email
Text Message Telephone
68
TCPA Disclosures
Website Sign-Up
Consent: By checking this box and clicking the “I agree”
button below, I verify this is my mobile number and
consent to receive text messages via automated
technology to this number regarding product offers by or
on behalf of [name of seller(s)]. I understand that
consent is not required to make a purchase. I also agree
to the Terms and Conditions and the Privacy Policy.
Message and Data rates may apply.
69
TCPA Disclosures
Signage—Call to Action
SIGN UP FOR OFFERS! Interested in receiving offers via text message to your mobile phone?
Text “Join” to 78391 to sign up today! By texting “Join” from your mobile number, you agree
to receive marketing messages generated by an automated dialer from ABC Company to your
mobile number. Consent not required to make a purchase. Limit 5 txts/mth. Message and
Data rates may apply.
Text Message
[Company Name]: U r signing up 4 mobile offers via automated technology. Reply YES to
confirm, NO to stop.
Confirmatory Text Message
[Company Name]: Congrats! U r now signed up 4 mobile txt offers! Reply STOP to cancel, reply
HELP for help.
70
Scrubbing and Opt-Outs
• Opt-Outs: Honor opt-outs immediately,
whether verbal or in writing.
• DNC: Have a DNC policy, which includes
regularly scrubbing phone numbers against the
federal DNC, state and internal DNC lists.
• Suppression Policy: Have a suppression
policy and procedure in place, which includes
immediately blacklisting and/or blocking phone
numbers that complain about the receipt of
unauthorized calls.
71
Recordkeeping
• Maintain consent records for 4 years
• Carefully document the date and substance of changes, such as
changes to any registration or opt-in process
• Maintain organized and detailed records so you can easily
access, search, and retrieve relevant data
• Document the process and technology used to send text
messages and/or make calls
• Create snapshots of information at static points in time
• Use Camtasia to record registration or opt-in processes